Date: Sun, 10 Sep 2023 13:13:11 GMT
Message-Id: <202309101313.38ADDB0D023508@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost
Subject: git: f415a5c1bd56 - main - pfsync: fix state leak
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: f415a5c1bd56933367e42312731e4ec553e256ed

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=f415a5c1bd56933367e42312731e4ec553e256ed

commit f415a5c1bd56933367e42312731e4ec553e256ed
Author:     Kristof Provost
AuthorDate: 2023-09-08 09:21:12 +0000
Commit:     Kristof Provost
CommitDate: 2023-09-10 13:12:51 +0000

    pfsync: fix state leak

    If we receive a state with a route-to interface name set and we can't
    find the interface we do not insert the state. However, in that case we
    must still clean up the state (and state keys).
    Do so, so we do not leak states.

    Reviewed by:    Kajetan Staszkiewicz
    MFC after:      3 days
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D41779
---
 sys/netpfil/pf/if_pfsync.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index db448c9bbc48..e29c00fcb879 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) printf("%s: unknown route interface: %s\n", __func__, sp->pfs_1400.rt_ifname); if (flags & PFSYNC_SI_IOCTL) - return (EINVAL); - return (0); /* skip this state */ + error = EINVAL; + else + error = 0; + goto cleanup_keys; } break; default: 
@@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) cleanup: error = ENOMEM; +cleanup_keys: if (skw == sks) sks = NULL; uma_zfree(V_pf_state_key_z, skw);
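Review bot: in the first hunk (the "unknown route interface" branch of pfsync_state_import), the non-ioctl path now sets error = 0 before goto cleanup_keys, and the `/* skip this state */` comment that explained the old `return (0);` was dropped along with it. A state discarded because of an unrecognised rt_ifname is still reported as success to the caller, with the printf as the only trace, so I would keep that comment on the `error = 0;` line to make clear the zero is deliberate and not a forgotten error code.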
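Review bot: at the new cleanup_keys label in the second hunk, the contract for `error` is implicit: the cleanup: path assigns ENOMEM and falls through, while anything jumping directly to cleanup_keys has to set error first. A one-line comment at the label saying so would keep a later caller from returning a stale or uninitialised value. The label name also mentions only the keys, whereas the commit message says the state itself is cleaned up too; the visible context stops at `uma_zfree(V_pf_state_key_z, skw);`, so please confirm the code after it releases the state on this path as well, and consider a name or comment that reflects that.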